FortiGate
cgustave
Staff

Description
The conserve mode self-protection mechanisms will change in 5.6. The main differences are:

 
- no more distinction between "kernel" versus "Proxy" or "system" types of conserve mode
- definition of 3 thresholds "green", "red", "extreme", all adjustable via CLI 
- trigger based on "memory used"
- new event logs
- new diagnose command "diagnose hardware sysinfo conserve"
- new conserve mode stats in proxy stats via "diag sys proxy stats all" (see the conserve_mode line)
 
  • 3 memory thresholds : red, extreme and green
'red' and 'extreme' : Both 'red' and 'extreme' are thresholds for entering 'conserve mode' when used system memory exceeds them.
When used memory goes over the defined red threshold, the kernel raises the conserve mode state. FortiGate functions that react to the conserve mode state, such as antivirus transparent proxies, apply their own restrictions based on their settings.

If used memory continues to increase and reaches the 'extreme' threshold, the conserve mode actions taken at the red threshold remain active and, additionally, new sessions are dropped.

'green' : When used memory goes below the 'green' threshold, the kernel releases the conserve mode state. FortiGate functions that react to the conserve mode state stop their restriction measures.
 
 
  • configurable thresholds
Although keeping the default memory thresholds is recommended, a new CLI command has been added to allow administrators to adjust them.
 
Default values are :
- red : 88% of total memory is considered "used memory"
- extreme : 95% of total memory is considered "used memory"
- green : 82% of total memory is considered "used memory"
 
  • configuration (CLI only) :
 
config system global
    set memory-use-threshold-extreme 95
    set memory-use-threshold-red 88
    set memory-use-threshold-green 82
end
 
 
  • diag command
FGVM # diagnose hardware sysinfo conserve
memory conserve mode: off
total RAM:                            994 MB
memory used:                          448 MB   45% of total RAM
memory used threshold extreme:        944 MB   95% of total RAM
memory used threshold red:            874 MB   88% of total RAM
memory used threshold green:          815 MB   82% of total RAM
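
For monitoring, the diagnose output above can be parsed and compared against the thresholds. The following is an added example, not Fortinet code: the function names, the 100 MB warning margin, the green < red < extreme sanity check and the treatment of any conserve mode value other than "off" as active are assumptions.

```python
import re

# Constructed sample, same layout as the diagnose output shown above.
SAMPLE = """\
memory conserve mode: off
total RAM:                            994 MB
memory used:                          448 MB   45% of total RAM
memory used threshold extreme:        944 MB   95% of total RAM
memory used threshold red:            874 MB   88% of total RAM
memory used threshold green:          815 MB   82% of total RAM
"""

_LINE = re.compile(r"^\s*(?P<key>[^:]+):\s*(?P<val>.+?)\s*$")
_MB = re.compile(r"(\d+)\s*MB")

def parse_conserve(text):
    """Parse the diagnose output into a dict; MB figures become ints."""
    out = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # prompt line, blank line, anything without "key: value"
        key, val = m.group("key").strip(), m.group("val")
        mb = _MB.search(val)
        out[key] = int(mb.group(1)) if mb else val
    return out

def assess(info, warn_margin_mb=100):
    """Return (level, headroom_mb_to_red); warn_margin_mb is a hypothetical margin."""
    used = info["memory used"]
    green = info["memory used threshold green"]
    red = info["memory used threshold red"]
    extreme = info["memory used threshold extreme"]
    if not green < red < extreme:  # assumed sanity check on adjusted thresholds
        raise ValueError("thresholds must satisfy green < red < extreme")
    headroom = red - used
    if used >= extreme:            # red actions plus new sessions dropped
        level = "extreme"
    elif used > red or info["memory conserve mode"] != "off":
        level = "conserve"         # state stays raised until used < green
    elif headroom <= warn_margin_mb:
        level = "warning"
    else:
        level = "ok"
    return level, headroom
```
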
 
 


Internal Notes

 
This conserve mode change was originally planned for 5.4.2 but has now been moved to 5.6.

 
